Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: PSI incompatible to Sandboxie, making system vulnerable again

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
rzlm6g PSI incompatible to Sandboxie, making system vulnerable again
Member 13th Apr, 2014 19:05
Ranking: 0
Posts: 2
User Since: 13th Apr, 2014
System Score: N/A
Location: DE
I run Sandboxie to keep Firefox from the system partition. In the Firefox sandbox, there is a Flashplayer 12 plugin.

PSI "updates" Flashplayer 12 to 13 by automatically installing it outside the sandbox, leaving the old version there! I.e. PSI annuls the Sandboxie security feature and makes my system vulnerable through Flash exploits!

Windows 7 x64, Firefox Portable 28.0, Sandboxie 4.08 (x64), Secunia PSI 3.0

Anthony Wells RE: PSI incompatible to Sandboxie, making system vulnerable again
Expert Contributor 14th Apr, 2014 18:03
Score: 2445
Posts: 3,332
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hi ,

I am not sure I see/understand your problem .

The PSI will not update your Flash plug-in (NPAPI) in Firefox because it is a) in use in and b) running in Sandboxie . It may well update the plug-in in the Windows' C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_ 182.dll, version 13.0.0.182 (NPAPI) folder ,but that depends on whether it reads or not the Sandboxie version of Firefox .

If you close the Sanboxie sandbox with your Ff running and select "delete contents" then Flash 12.x will disappear . When your NPAPI 13.x is correctly installed (as above) either by the PSI or via the Adobe.com website (the latter being my preferred option) then the 12.x will be automatically replaced and 13.x will load with Ff in your next sandbox .

What else am I missing ?? Is version 12.x (NPAPI) being left behind in the SysWOW64 folder - along with 13.x ?? Is the fact your are using Firefox portable meaning that PSI is not updating Flash correctly ??

Anthony


--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+3
-1

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability